Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.

Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386, arm64.

Patches for supported releases are also incorporated into the
-stable branch.

008: SECURITY FIX: February 8, 2018All architectures
A flaw was found in the way unbound validated wildcard-synthesized
NSEC records. An improperly validated wildcard NSEC record could be
used to prove the non-existence (NXDOMAIN answer) of an existing
wildcard record, or trick unbound into accepting a NODATA proof.
A source code patch exists which remedies this problem.